A computer virus is a program designed to cause harm on an infected computer. It spreads
through e-mail attachments, portable devices, websites containing malicious scripts and file
downloads. A computer virus attaches itself to host files and activates whenever you open
the infected files. The virus can replicate itself and then infect other files on your computer, causing
more damage. Below is a list of different types of computer viruses and what they do.
Macro Viruses
These viruses infect the files created using some applications or programs that contain macros such
as doc, pps, xls and mdb. They automatically infect the files with macros and also templates and
documents that are contained in the file. They hide in documents shared through e-mail and networks.
Memory Resident Viruses
They usually fix themselves inside the computer memory. They get activated every time the OS runs
and end up infecting other opened files. They hide in RAM.
Overwrite Viruses
These types of viruses delete any information in a file they infect, leaving it partially or completely
useless once infected. Once in the computer, they replace all the file content but the file size
doesn't change.
Direct Action Viruses
These viruses mainly replicate or take action once they are executed. When a certain condition is met,
the viruses will act by infecting the files in the directory or the folder specified in the
AUTOEXEC.BAT. The viruses are generally found in the hard disk's root directory, but they keep on
changing location.
Directory Virus
Also known as a cluster virus or file system virus. They infect the computer's directory by changing
the path indicating file location. They are usually located on the disk but affect the entire directory.
Web Scripting Virus
Most web pages include complex code in order to create interactive and interesting content.
Such code is often exploited to cause certain undesirable actions. These viruses mostly originate from
infected web pages or browsers.
Multipartite Virus
These types of viruses spread in many different ways. Their actions vary depending on the OS installed
and the presence of certain files. They tend to hide in the computer's memory but do not infect the hard
disk.
FAT Viruses
These viruses attack the file allocation table (FAT), which is the part of the disk used to store all
information about the available space, location of files, unusable space, etc.
Companion Viruses
These types of viruses infect files just like the direct action and the resident types. Once inside the
computer, they accompany other existing files.
Polymorphic Virus
They encode or encrypt themselves in a different way every time they infect your computer. They use
different encryption and algorithms. This makes it difficult for the antivirus software to locate them
using signature or string searches (since they are very different in each encryption).
Worm
This program is very similar to a virus and has the ability to self-replicate leading to negative effects
on your computer.
Trojans
Trojans can illegally trace important login details of users online. For example, e-banking is very
common among users; your login details are therefore vulnerable to being traced whenever your PC is
working without a strong antivirus installed.
Email Virus
This is a virus spread via an email. Such a virus will hide in an email and when the recipient opens
the mail.
Browser Hijacker
This virus can spread in many different ways, including a voluntary download. It infects certain
browser functions, especially in the form of re-directing the user automatically to certain sites. A good
example is
Browser Hijackers Include:
the cool web search
Boot Sector Virus: If a computer is infected with a Boot Sector Virus, when the computer is turned
on, the virus launches immediately and is loaded into memory, enabling it to control the computer.
File Deleting Viruses: A File Deleting Virus is designed to delete critical files which are part of
the operating system, or data files.
Mass Mailer Viruses: Mass Mailer Viruses search e-mail programs like MS Outlook for e-mail
addresses which are stored in the address book and replicate by e-mailing themselves to the addresses
stored in the address book of the e-mail program.
Macro viruses: Macro viruses are written using macro programming languages like VBA,
which is a feature of the MS Office package. A macro is a way to automate and simplify a task that you
perform repeatedly in the MS Office suite (MS Excel, MS Word etc). These macros are usually stored as
part of the document or spreadsheet and can travel to other systems when these files are transferred
to other computers.
Armored Viruses: Armored Viruses are a type of virus designed and written to make themselves
difficult to detect or analyze. An Armored Virus may also have the ability to protect itself from
antivirus programs, making it more difficult to disinfect.
Stealth viruses: Stealth viruses have the capability to hide from the operating system or anti-virus
software by making changes to file sizes or directory structure. Stealth viruses are anti-heuristic in nature,
which helps them to hide from heuristic detection.
Retrovirus: A retrovirus is another type of virus, which tries to attack and disable the anti-virus
application running on the computer. A retrovirus can be considered anti-antivirus. Some retroviruses
attack the anti-virus application and stop it from running, while others destroy the virus definition
database.
Multiple Characteristic viruses: Multiple Characteristic viruses have different characteristics of
viruses and have different capabilities.
TROJAN, LOGIC BOMB
There are many computer security problems which are very hard to detect. These problems occur
when a system programmer places an unwanted program in the system for his own personal gain.
To avoid these problems, code should be reviewed when new code is placed in the system. Given
below are some of the computer security problems which can be introduced by system programmers:
Logic bomb: A logic bomb is code which could be written and placed in a system by a programmer.
A logic bomb needs a trigger to be activated. A trigger is a specific condition which needs to
be fulfilled to activate the logic bomb. A logic bomb is not easy to find in the system and it is
mostly untraceable. It is activated only when certain conditions are met. Logic bombs can delete files,
encrypt data or lock the system down so that it can be unlocked only by the person who placed the logic
bomb.
Software that is inherently malicious, such as viruses and worms, often contains logic bombs that
execute a certain payload at a pre-defined time or when some other condition is met. This technique
can be used by a virus or worm to gain momentum and spread before being noticed.
Trap door: A trap door is a login which can be created by the system administrator to log in to a
system by using a default or no password. Trap doors are a security problem because the owner of
the computer doesn't know that there is a trap door in place and unauthorized login is possible.
A backdoor is a method, often secret, of bypassing normal authentication in a product, computer
system, cryptosystem or algorithm etc. Backdoors are often used for securing unauthorized remote
access to a computer, or obtaining access to plaintext in cryptographic systems.
A computer trapdoor, also known as a back door, provides a secret -- or at least undocumented --
method of gaining access to an application, operating system or online service. Programmers write
trapdoors into programs for a variety of reasons. Left in place, trapdoors can facilitate a range of
activities from benign troubleshooting to illegal access.
Weaknesses in design logic also can introduce trapdoors into program code inadvertently and
innocently. Many software developers include undocumented trapdoor passwords, which they use for
maintenance or unspecified purposes. Software companies rarely acknowledge the presence of
trapdoors and trapdoor passwords in proprietary software -- software whose source code is not
distributed publicly -- but users sometimes expose them.
Trojan horse
Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses
onto your computer. A Trojan horse, often shortened to Trojan, is a type of malware designed to
provide unauthorized, remote access to a user's computer. Trojan horses do not have the ability to
replicate themselves like viruses; however, they can lead to viruses being installed on a machine since
they allow the computer to be controlled by the Trojan creator. The term gets its name from the Greek
story of the Trojan War, when the Greeks offered the Trojans a peace offering in the form of a large
wooden horse. However, once the Trojans wheeled the horse behind their closed gates and night fell,
the soldiers hidden inside the horse climbed out and opened the city gates, allowing the Greek army
to infiltrate Troy and capture the city. Trojan horse software operates the same way, where Troy is
your computer and the horse is the benign-seeming application. Trojan horses can assist an attacker
in turning a user's computer into a zombie computer, stealing various data such as credit card
information, installing more malware, keylogging and various other malicious activities. Also, it is
possible for other crackers to control the compromised computer simply by searching for computers
on a network using a port scanner and finding ones that have already been infected with a Trojan
horse. Trojan horses continue to increase in popularity and currently account for the majority of
known malware found on the web.
Login spoofing: Login spoofing is a technique used by a programmer to place a fake login screen in
front of the user which looks exactly like the regular login screen. After the user has entered the
username and password and submits the login screen, the password is acquired by the
programmer and the original login screen is displayed. The user thinks that he made a typo while
entering the password and logs in again, not knowing that his password has been acquired.
the Internet Engineering Task Force (IETF). An alternative to S/MIME is PGP/MIME, which
has also been proposed as a standard.
MIME itself, described in the IETF standard called Request for Comments 1521, spells out how an
electronic message will be organized. S/MIME describes how encryption information and a digital
certificate can be included as part of the message body. S/MIME follows the syntax provided in the
Public-Key Cryptography Standard format #7.
SMART CARDS
A smart card, chip card, or integrated circuit card (ICC) is any pocket-sized card that has embedded
integrated circuits. Smart cards are made of plastic, generally polyvinyl chloride, but sometimes
polyethylene terephthalate based polyesters, acrylonitrile butadiene styrene or polycarbonate.
A smart card is a plastic card about the size of a credit card, with an embedded microchip that can
be loaded with data, used for telephone calling, electronic cash payments, and other applications, and
then periodically refreshed for additional use.
Smart Card?
A smart card is a special type of card-like device which contains an integrated circuit chip embedded
on it. The IC chip can be a microprocessor with memory or just a simple memory circuit. In simple
layman's words, a smart card is a card with which we can exchange data, store it and manipulate
it.
How does the Smart Card Work?
A smart card is connected to the host computer or controller via a card reader which gets information
from the smart card and accordingly passes the information to the host computer or controller.
Secure transactions
Gives more security
More tough and dependable
Permit numerous provisions to be saved in one card
Block Diagram showing a Smart Card System to allow Authorized Access by Edgefx Kits
SPAM
What is SPAM?
Irrelevant or unsolicited messages sent over the Internet, typically to large numbers of users,
for the purposes of advertising, phishing, spreading malware, etc.
Electronic Spamming
spam in blogs
wiki spam
Email spam
Email spam, also known as junk email, is a subset of electronic spam whereby a single
unsolicited message is sent by email.
Spam email may also include malware as scripts or other executable file attachments.
Spammers collect email addresses from chatrooms, websites, customer lists, etc.
Types of SPAM
Image spam
Blank spam
Image spam
Image spam, or image-based spam, is an obfuscating method in which the text of the message is
stored as a GIF or JPEG image and displayed in the email.
Image spam contains computer-generated text which simply annoys the reader.
Blank spam
Blank spam is spam lacking a payload advertisement. Often the message body is missing
altogether, as well as the subject line. Still, it fits the definition of spam because of its nature
as bulk and unsolicited email.
Blank spam may have been sent in a directory harvest attack, a form of dictionary attack for
gathering valid addresses from an email service provider.
Blank spam may also occur when a spammer forgets or otherwise fails to add the payload
when he or she sets up the spam run.
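A mail filter can flag both kinds of message from structure alone. The following is an added example, not part of the original notes; the sample messages are constructed, and the labels "blank", "image-only" and "unflagged" are names chosen here.

```python
import re
from email import message_from_string

# Constructed sample messages (not real traffic).
BLANK = "From: sender@example.test\nTo: user@example.test\n\n"
NORMAL = "From: sender@example.test\nSubject: Minutes\n\nAttached are the minutes.\n"
IMAGE_ONLY = """\
From: sender@example.test
Subject: Special offer
MIME-Version: 1.0
Content-Type: multipart/related; boundary="XX"

--XX
Content-Type: text/html

<html><body><img src="cid:offer"></body></html>
--XX
Content-Type: image/gif
Content-Transfer-Encoding: base64

R0lGODlhAQABAAAAACw=
--XX--
"""

def visible_text(msg) -> str:
    """Text a reader would see: all text/* parts with HTML tags removed."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return re.sub(r"<[^>]+>", "", "".join(chunks)).strip()

def classify(raw_message: str) -> str:
    msg = message_from_string(raw_message)
    text = visible_text(msg)
    has_image = any(p.get_content_maintype() == "image" for p in msg.walk())
    if not text and has_image:
        return "image-only"   # the message text is carried as a GIF or JPEG
    if not text and not (msg["Subject"] or "").strip():
        return "blank"        # body and subject line are both missing
    return "unflagged"
```

A flag from this check is a signal for further filtering rather than a verdict: a legitimate mail that contains only a photo is also "image-only".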
KRYPTOKNIGHT
For this reason much effort has recently been invested in providing security services in a
variety of networks.
One of the best-known efforts is Kerberos, a network security service originally
developed at MIT.
A new security service called KryptoKnight was developed jointly by IBM Zurich & Yorktown
Research Laboratories.
It is an authentication & key distribution system that provides facilities for secure communication
in any type of network environment.
KryptoKnight was designed with the goal of providing network security services with a high
degree of compactness & flexibility.
KryptoKnight functions at both end points of communication and can perform different
security tasks depending on the particular network configuration.
KRYPTOKNIGHT OVERVIEW
Single Sign On
As a first step, the user authenticates himself to the KryptoKnight system by executing the kklogin
command. The purpose of this command is to perform a unified, network-wide login for the user.
In the first message the user tells the Authentication Server (AS) that he wants to log on, specifying his own
name.
This message allows the authentication server to validate the user, as it contains a value which is a
function of both the current time and the user's password; this is referred to as PRE-AUTHENTICATION.
The second message contains the reply from the authentication server, which is sealed with
a key derived from the user's password.
At this point kklogin prompts the user for his password and uses it to unseal the AS's reply,
retrieving the details (ticket) contained in it.
A successful result implies that the user has provided a correct password and proved his identity.
Using these details with the KryptoKnight primitives, an entity can communicate with remote peers
and prove that it is in fact executing on behalf of the particular user.
User authentication takes place once and lasts until the user explicitly terminates the login session
by executing the kklogoff command; any number of local programs can utilize its result
when authenticating themselves to remote programs. This is known as Single
Sign On or SSO.
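The pre-authentication check in the first message can be sketched as follows. This is an added example, not KryptoKnight's actual message format: PBKDF2, HMAC-SHA256, the 300-second skew window and all function and field names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 300  # seconds of clock difference the server tolerates (assumed value)

def password_key(user: str, password: str) -> bytes:
    """Derive a key from the password (PBKDF2 is an assumption of this sketch)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 100_000)

def make_preauth(user: str, password: str, now: int) -> dict:
    """Client side, message 1: names the user and carries f(time, password)."""
    ts = struct.pack(">Q", now)
    tag = hmac.new(password_key(user, password), user.encode() + ts, hashlib.sha256)
    return {"user": user, "time": now, "preauth": tag.hexdigest()}

class AuthServer:
    def __init__(self, users: dict):
        # The server keeps password-derived keys, not the passwords themselves.
        self.keys = {u: password_key(u, p) for u, p in users.items()}
        self.seen = set()  # (user, time) pairs already accepted, to stop replays

    def validate(self, msg: dict, now: int) -> str:
        key = self.keys.get(msg["user"])
        if key is None:
            return "unknown-user"
        if abs(now - msg["time"]) > MAX_SKEW:
            return "stale"           # an old captured message is useless
        ts = struct.pack(">Q", msg["time"])
        expected = hmac.new(key, msg["user"].encode() + ts, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["preauth"]):
            return "bad-password"
        if (msg["user"], msg["time"]) in self.seen:
            return "replay"          # same message presented twice inside the window
        self.seen.add((msg["user"], msg["time"]))
        return "ok"
```

Because the value depends on the current time, the server can refuse a login request before doing any further work, and a recorded request stops being accepted once the skew window has passed.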
An entity, referred to as the INITIATOR, starts the authentication process by issuing an API call
that returns an authentication message.
This authentication message is sent to the remote peer entity, known as the RESPONDER. When the
responder receives the message, it issues a corresponding API call that verifies the validity of the incoming
authentication message.
Depending upon the authentication parameters, either one-way authentication or mutual
authentication can be performed.
In the case of one-way authentication, the first message authenticates the initiator to the responder. If
the verification is successful the responder will make sure that the initiator is valid and also
truly acting
In the case of mutual authentication, the exchange of messages created via the respective API calls is
required: one will authenticate the RESPONDER to the INITIATOR, the other will complete
the protocol by finally authenticating the INITIATOR to the RESPONDER.
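A mutual authentication exchange between two parties that already share a secret key can look like this. It is an added example using a generic nonce-and-HMAC construction, not KryptoKnight's real API or wire format; the class, method and label names are hypothetical.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC over length-prefixed fields so field boundaries cannot be shifted."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()

class Party:
    def __init__(self, name: bytes, key: bytes):
        self.name, self.key = name, key

    def start(self) -> bytes:
        """Initiator, message 1: a fresh random challenge."""
        self.n_i = secrets.token_bytes(16)
        return self.n_i

    def respond(self, n_i: bytes) -> tuple:
        """Responder, message 2: answer the challenge and issue its own."""
        self.n_i, self.n_r = n_i, secrets.token_bytes(16)
        return self.n_r, mac(self.key, b"resp", self.name, n_i, self.n_r)

    def confirm(self, peer: bytes, n_r: bytes, tag: bytes):
        """Initiator: verify the responder, then produce message 3."""
        if not hmac.compare_digest(tag, mac(self.key, b"resp", peer, self.n_i, n_r)):
            return None  # responder does not hold the shared key
        return mac(self.key, b"init", self.name, self.n_i, n_r)

    def finish(self, peer: bytes, tag: bytes) -> bool:
        """Responder: the initiator is authenticated only at this point."""
        return hmac.compare_digest(tag, mac(self.key, b"init", peer, self.n_i, self.n_r))

def run_exchange(key_i: bytes, key_r: bytes) -> str:
    a, b = Party(b"initiator", key_i), Party(b"responder", key_r)
    n_r, tag_r = b.respond(a.start())
    tag_i = a.confirm(b.name, n_r, tag_r)
    if tag_i is None:
        return "responder rejected by initiator"
    return "mutual" if b.finish(a.name, tag_i) else "initiator rejected by responder"
```

The direction labels and party names inside each MAC keep a responder's proof from being reflected back as the initiator's proof, and the fresh nonces keep an old exchange from being replayed.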
3) Key Distribution
The authentication protocol requires that both initiator and responder share a secret key.
The entire process of contacting the authentication server, proving one's identity and receiving
a key is hidden from the entities using the KryptoKnight protocol.
In other words, whether or not the 2 parties share a secret key, they make the same API calls with
exactly the same parameters.
It will be terminated either explicitly, by one of the communicating parties sending to the
other party a request to end the session, or implicitly upon the expiration of the shared key.
Until the session termination, the entities can, through the KryptoKnight API, authenticate the
contents and the origin of the data messages exchanged.